899 matches found
CVE-2023-53771
CVE-2023-53771 affects MiniDVBLinux 5.4. The vulnerability is an authentication bypass in the system-setup endpoint: remote attackers can craft POST requests with modified SYSTEM_PASSWORD to reset the root password. This is evidenced by multiple sources (Red Hat, EUVD, NVD, CVE lists) describing ...
EUVD-2025-201892
A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm...
CVE-2025-41692
A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm...
CVE-2025-41692
A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm...
CVE-2025-41692
CVE-2025-41692 describes a high-privilege remote attack against a webUI where an admin user can brute-force the underlying OS root and user passwords due to a weak password generation algorithm. Connected sources (Red Hat and NVD/NVD-derived entries) indicate potential downstream risks: separate ...
CVE-2025-41692 Weak/Predictable root Password
A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm...
CVE-2025-41692 Weak/Predictable root Password
A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm...
PT-2025-50268
Name of the Vulnerable Software and Affected Versions MiniDVBLinux version 5.4 Description The software contains a flaw that allows remote attackers to bypass authentication and modify the root password. This is achieved by sending specially crafted POST requests to the system setup endpoint,...
PT-2025-49811
A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm...
CVE-2025-53963
An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. They run an SSH server accessible over the default port 22. The root account has a weak default password of ionadmin, and a password change policy for the root account is not enforced. Thus, an attacker with netwo...
CVE-2025-53963
An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. They run an SSH server accessible over the default port 22. The root account has a weak default password of ionadmin, and a password change policy for the root account is not enforced. Thus, an attacker with netwo...
CVE-2025-53963
An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. They run an SSH server accessible over the default port 22. The root account has a weak default password of ionadmin, and a password change policy for the root account is not enforced. Thus, an attacker with netwo...
PT-2025-49036
Name of the Vulnerable Software and Affected Versions Thermo Fisher Ion Torrent OneTouch 2 INS1005527 affected versions not specified Description The devices run an SSH server accessible via port 22. The root account has a default password of ionadmin, and a password change policy is not enforced...
CVE-2025-53963
An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. They run an SSH server accessible over the default port 22. The root account has a weak default password of ionadmin, and a password change policy for the root account is not enforced. Thus, an attacker with netwo...
CVE-2025-53963
CVE-2025-53963 affects Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. An SSH server on port 22 uses a weak default root password (ionadmin) with no enforced password-change policy, allowing a network-connected attacker to achieve root code execution. Notes across sources indicate the vu...
CVE-2025-64517
sudo-rs is a memory safe implementation of sudo and su written in Rust. With Defaults targetpw or Defaults rootpw enabled, the password of the target account or root account instead of the invoking user is used for authentication. sudo-rs starting in version 0.2.5 and prior to version 0.2.10...
CVE-2025-64517 sudo-rs doesn't record authenticating user properly in timestamp
sudo-rs is a memory safe implementation of sudo and su written in Rust. With Defaults targetpw or Defaults rootpw enabled, the password of the target account or root account instead of the invoking user is used for authentication. sudo-rs starting in version 0.2.5 and prior to version 0.2.10...
CVE-2025-61330
A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems from the use of a hard-coded weak password for the root account in the /etc/shadow configuration or even the absence of any password a...
CVE-2025-11649
CVE-2025-11649 affects Tomofun Furbo 360 and Furbo Mini. The vulnerability ties to an unknown function in the Root Account Handler that, when manipulated, reveals a hard-coded password. Exploitation requires local access and is described as high complexity with low privileges and no user interact...
CVE-2025-59957 Junos OS: EX4600 Series and QFX5000 Series: An attacker with physical access can open a persistent backdoor
An Origin Validation Error vulnerability in an insufficient protected file of Juniper Networks Junos OS on EX4600 Series and QFX5000 Series allows an unauthenticated attacker with physical access to the device to create a backdoor which allows complete control of the system. When a device isn't...